The decentralized finance project SafeMoon, which was exploited in March, resulting in a net loss of $8.9 million in BNB (BNB), has been charged by the United States Securities and Exchange Commission (SEC) for security rules violations and fraud.
The funds associated with the exploit have been on the move via centralized exchanges, with blockchain analytic firm Match Systems believing the transfers could become critical for law enforcement agencies.
Sean Thornton from Match Systems told Cointelegraph that it suspects centralized exchanges were used as an intermediate link in the money laundering chain.
Match System carried out a post-mortem of the SafeMoon smart contract and the subsequent movement of funds to analyze the behavior of the exploiters. The analysis revealed that the hacker exploited a vulnerability in SafeMoon’s contract associated with the “Bridge Burn” feature, allowing anyone to call the “burn" function on SFM tokens at any address. These attackers used the vulnerability to transfer other users’ tokens to the developer’s address.
The transfer made by exploiters resulted in 32 billion SFM tokens being sent from SafeMoon’s LP address to SafeMoon’s deployer address. This led to an instant pump in the value of tokens. The exploiter used the price pump to swap some of the SFM tokens for BNBs at an inflated price. As a result, 27380 BNB were transferred to the hacker’s address.
Match System, in its analysis, found that the smart contract vulnerability was not present in the previous version and only came in with the new update on March 28, the day of the exploit, leading many to believe the involvement of an insider. These speculations gained more fuel by Nov.1 as the SECf iled charges against SafeMoon project
Read more on cointelegraph.com